Office 2016 Authentication against legacy SharePoint Online (BPOS)

I’m sure you’ve all installed Office 2016 by now!

If you have already installed Office 2016, and you were an early adopter of SharePoint Online (as part of the original Office 365 – the obscurely named “Business Productivity Online Services” or BPOS…) you may have some issues authenticating against legacy site collections from within your Office applications (Word, Excel etc.).

The reason is related to the default authentication model as described here and reproduced below for convenience, and the fact that Modern Auth won’t work properly with BPOS site collections (for some reason – the clue may well be in the ADAL part of the reg key; Active Directory Authentication Library, which the old BPOS site collection can’t use to authenticate users properly as the trust may not work between Azure AD and the BPOS site collection.

SharePoint Online

Office Client SharePoint Online (Default is ON)
Office version and registry key Modern auth effective? Modern auth

disabled

Modern auth enabled
Office 2016, No registry key Yes Modern authentication only Attempt modern authentication, fail over to Microsoft Online Sign-in Assistant if the server refuses a modern authentication connection (which is the case when tenant is not enabled)
Office 2016,

EnableADAL = 1

Yes Failure to connect Attempt modern authentication, fail over to Microsoft Online Sign-in Assistant if the server refuses a modern authentication connection (which is the case when tenant is not enabled)
Office 2016,

EnableADAL =0

No Microsoft Online Sign-in Assistant only Microsoft Online Sign-in Assistant only
Office 2013,

No registry key set

No Microsoft Online Sign-in Assistant only Microsoft Online Sign-in Assistant only
Office 2013,

EnableADAL-1

Yes   Attempt modern authentication, fail over to Microsoft Online Sign-in Assistant if the server refuses a modern authentication connection (which is the case when tenant is not enabled)

The Fix

If you are still having difficulties you can update the following in your registry manually:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Identity\EnableADAL should be added & set to 0,

or run this .reg file and reboot.

No warranty implied and all usual precautions should be taken before installing a .reg file from t’internet!

Happy for a full explanation to be added in the comments Smile

Leave a Comment Yourself

Your email address will not be published. Required fields are marked *